Hello All,
I am setting up an IPsec tunnel between two peers using racoon.
My setup:

    pc(subnet) ------ pc:1 ------------------ pc:2 ------ subnet(pc)
    192.168.3.0/24    192.168.101.111         192.168.101.113    192.168.2.0/24
My configuration on pc:1:
###############################################################
# PSK file: one "<peer address> <secret>" line per peer.
# racoon refuses a world-readable file, so keep it mode 0600.
path pre_shared_key "/etc/psk.txt";

# Phase 1 (IKE) settings for the peer gateway.
remote 192.168.101.113 {
    exchange_mode main;                   # main mode; with a PSK the peer is identified by its IP
    proposal {
        encryption_algorithm 3des;        # 3DES and MD5 are legacy choices; AES and SHA-2 are
        hash_algorithm md5;               # preferred where both ends support them
        authentication_method pre_shared_key;
        dh_group modp1024;                # IKE DH group 2
    }
}

# Phase 2 (IPsec SA) settings for this selector pair; the peer needs the
# same block with the two subnets swapped.
sainfo address 192.168.3.0/24 any address 192.168.2.0/24 any {
    pfs_group modp768;                    # DH group 1 for PFS; must match on both peers
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;        # IPComp
}
###############################################################
Configuration on pc:2:
###############################################################
# Same PSK file layout as on pc:1 (one "<peer address> <secret>" line, mode 0600).
path pre_shared_key "/etc/psk.txt";

# Phase 1 (IKE) settings for the peer gateway; identical proposal to pc:1.
remote 192.168.101.111 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

# Phase 2: mirror image of pc:1's sainfo, local subnet first, remote subnet second.
sainfo address 192.168.2.0/24 any address 192.168.3.0/24 any {
    pfs_group modp768;                    # same PFS group as pc:1
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
###############################################################
SPD policies in setkey.conf on pc-1:
#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;
# Create policies for racoon on pc1.
# Outbound: traffic from the local subnet to the remote subnet must be
# ESP-tunnelled from pc1 (192.168.101.111) to pc2 (192.168.101.113).
# "require" makes the kernel drop such traffic until an SA exists and
# send an ACQUIRE so that racoon negotiates one.
spdadd 192.168.3.0/24 192.168.2.0/24 any -P out ipsec
    esp/tunnel/192.168.101.111-192.168.101.113/require;
# Inbound: the mirror policy for traffic arriving from pc2.
spdadd 192.168.2.0/24 192.168.3.0/24 any -P in ipsec
    esp/tunnel/192.168.101.113-192.168.101.111/require;
But when I ping from the subnet behind pc-2 to the subnet behind pc-1, I get:
destination host unreachable.
I have this route on pc-2:
route add -net 192.168.3.0/24 via 192.168.101.113
Still no success.
Do I need to add some iptables rules?
Thanks
Tushar
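The post shows setkey.conf only for pc-1. As an added example (not code from the post, nor from racoon or ipsec-tools), the script below builds the setkey SPD for both gateways from the topology above, checks that the two files are mirror images of each other (same selectors and tunnel endpoints on both sides, only the direction flipped) and flags layouts that no policy can express. The Gateway class and every function name are this example's own, and the embedded copy of pc-1's posted setkey.conf is constructed here so the generator can be compared against it.

```python
"""Added example: generate and cross-check setkey SPD files for a two-site
ESP tunnel. Addresses are the post's topology; names are this example's own."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Gateway:
    name: str
    outer: str   # tunnel endpoint, the address racoon negotiates with
    inner: str   # protected subnet behind this gateway


PC1 = Gateway("pc1", "192.168.101.111", "192.168.3.0/24")
PC2 = Gateway("pc2", "192.168.101.113", "192.168.2.0/24")

# Constructed copy of the setkey.conf the post shows for pc1, used to check
# that the generator reproduces it.
POSTED_PC1 = """#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.3.0/24 192.168.2.0/24 any -P out ipsec
esp/tunnel/192.168.101.111-192.168.101.113/require;
spdadd 192.168.2.0/24 192.168.3.0/24 any -P in ipsec
esp/tunnel/192.168.101.113-192.168.101.111/require;
"""

SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+esp/tunnel/(?P<tsrc>[^\s/-]+)-(?P<tdst>[^\s/-]+)/(?P<level>\w+)\s*;"
)


def spd_policies(local: Gateway, remote: Gateway, level: str = "require") -> list:
    """The two policies a gateway needs: outbound local->remote subnet,
    tunnelled local.outer->remote.outer, plus the inbound mirror."""
    return [
        f"spdadd {local.inner} {remote.inner} any -P out ipsec\n"
        f"    esp/tunnel/{local.outer}-{remote.outer}/{level};",
        f"spdadd {remote.inner} {local.inner} any -P in ipsec\n"
        f"    esp/tunnel/{remote.outer}-{local.outer}/{level};",
    ]


def setkey_conf(local: Gateway, remote: Gateway) -> str:
    """Complete `setkey -f` script for `local`, flushing stale entries first."""
    header = "#!/usr/sbin/setkey -f\nflush;\nspdflush;\n"
    return header + "\n".join(spd_policies(local, remote)) + "\n"


def parse_spd(conf: str) -> set:
    """Extract (src, dst, dir, tunnel_src, tunnel_dst, level) tuples."""
    return {
        (m["src"], m["dst"], m["dir"], m["tsrc"], m["tdst"], m["level"])
        for m in SPD_RE.finditer(conf)
    }


def policies_mirror(conf_a: str, conf_b: str) -> bool:
    """True when every policy in A appears in B with only the direction
    flipped. Selectors and tunnel endpoints are written identically on both
    gateways, so a typo on one side shows up as a missing mirror."""
    flip = {"in": "out", "out": "in"}
    a, b = parse_spd(conf_a), parse_spd(conf_b)
    expected = {(s, d, flip[dr], ts, td, lv) for (s, d, dr, ts, td, lv) in a}
    return bool(a) and expected == b


def topology_problems(a: Gateway, b: Gateway) -> list:
    """Layout errors that no SPD can fix; empty list means the layout is sane."""
    problems = []
    ia, ib = ipaddress.ip_network(a.inner), ipaddress.ip_network(b.inner)
    if a.outer == b.outer:
        problems.append("both gateways use the same tunnel endpoint")
    if ia.overlaps(ib):
        problems.append(f"protected subnets {ia} and {ib} overlap")
    for gw in (a, b):
        for net in (ia, ib):
            # an endpoint inside a protected subnet means the ESP packets
            # themselves match the subnet selector
            if ipaddress.ip_address(gw.outer) in net:
                problems.append(f"tunnel endpoint {gw.outer} of {gw.name} lies inside {net}")
    return problems


if __name__ == "__main__":
    for gw, peer in ((PC1, PC2), (PC2, PC1)):
        print(f"# setkey.conf for {gw.name}\n{setkey_conf(gw, peer)}")
    print("topology problems:", topology_problems(PC1, PC2) or "none")
    print("pc1/pc2 policies mirror:",
          policies_mirror(setkey_conf(PC1, PC2), setkey_conf(PC2, PC1)))
```

Running it prints the two files; the pc-1 output parses to exactly the policies in the post, and the pc-2 file is what the second gateway has to load before racoon can negotiate in either direction.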